Alerts

Aruba has released security updates to address multiple vulnerabilities affecting HPE Aruba Networking Switches. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, cause denial of service attacks, perform cross-site scripting (XSS) attacks, and gain access to the affected products. Sample of the addressed vulnerabilities: 1. Unauthenticated Stored Cross-Site Scripting Vulnerability in […]

VMware has released a security update to fix a vulnerability across multiple versions of VMware Tools. The addressed vulnerability could allow the attacker with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine to bypass SAML token signature verification on the affected versions of VMware Tools. SAML Token Signature Bypass Vulnerability (CVE-2023-20900): CVSS:

Juniper has released a security update to fix a vulnerability across Junos OS and Junos OS Evolved. The addressed vulnerability could allow the remote attacker to cause a denial of service attack on the affected products by sending a specially crafted BGP UPDATE message. Juniper Networks Junos OS and Junos OS Evolved Denial of Service

Trend Micro has released a security update to fix several reflected cross-site scripting (XSS) vulnerabilities at Trend Micro Mobile Security (Enterprise) version 9.8. The severity of the addressed vulnerabilities could allow the remote attacker to perform reflected cross-site scripting attacks and steal the victim’s cookie-based authentication credential from the affected system by persuading the victim

Mozilla has released an updated Firefox version 117, and Firefox ESR versions 102.15, 115.2 to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, obtain sensitive information, perform a denial of service attack, bypass security restrictions, or gain access to the affected system by persuading the victim to visit

Google has released an updated Chrome version (116.0.5845.140) for Linux/Mac and (116.0.5845.140/.141) for Windows to fix a vulnerability. The addressed vulnerability is caused by a use-after-free in MediaStream which could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website.

Microsoft has released an updated Microsoft Edge stable version (116.0.1938.62) to fix multiple vulnerabilities. The addressed vulnerabilities could allow the remote attacker to elevate the privilege or execute arbitrary code on the affected system. Sample of the addressed vulnerabilities: 1. Microsoft Edge Code Execution Vulnerability (CVE-2023-4427): CVSS: 8.8 Attack Vector: Network Attack Complexity: Low Privileges

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to bypass security restrictions, read or overwrite files, or perform denial of service attacks on the affected products by sending a specially crafted request. Sample of the addressed vulnerabilities: 1. Cisco Firepower 4100 Series, Firepower 9300

Google has released an updated Chrome version (116.0.5845.110/.111) for Windows, and (116.0.5845.110) for Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the addressed vulnerabilities: Google

Aruba has released security updates to fix several vulnerabilities in EdgeConnect SD-WAN Orchestrator. The addressed vulnerabilities could allow the remote attacker to gain access, obtain information, bypass security restrictions, or trigger cross-site scripting (XSS) attacks on the affected product. Sample of the addressed vulnerabilities: 1. HPE Aruba Networking EdgeConnect SD-WAN Orchestrator Cross-Site Scripting (CVE-2023-37423): CVSS:

McAfee has released a security update to fix a vulnerability in McAfee Safe Connect versions before 2.16.1.126. The addressed vulnerability could allow the attacker to gain privileges and access the device that running the vulnerable software, or other connected devices by using a specially crafted “.DLL” file. This flaw is caused by an uncontrolled search

RARLAB has released an updated WinRAR version to fix a vulnerability in versions before WinRAR 6.23. The addressed vulnerability could allow the remote attacker to execute arbitrary code on the affected system by persuading the victim to open a specially crafted RAR file. This flaw exists within the processing of recovery volumes, as the issue

Microsoft has released an updated Microsoft Edge stable version (116.0.1901.200) to fix multiple vulnerabilities in Microsoft Edge (Chromium-based). The addressed vulnerabilities could allow the remote attacker to obtain sensitive information or gain elevated privileges on the affected system. Sample of the addressed vulnerabilities: Microsoft Edge Privilege Escalation Vulnerability (CVE-2023-36787): CVSS: 8.8 Attack Vector: Network Attack

Juniper has released a security update to fix several vulnerabilities across multiple versions of the J-Web component of Juniper Networks Junos OS on SRX and EX Series. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, and gain access to the affected versions by sending a specially crafted HTTP

Cisco has released security updates to fix multiple vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain information, perform cross site scripting, or gain elevated privileges on the affected products. Sample of the addressed vulnerabilities: 1. Cisco Unified Communications Manager SQL Injection (CVE-2023-20211): CVSS: 8.1 Attack Vector: Network Attack

Aruba has released a security update to fix several vulnerabilities in HPE Aruba Networking Virtual Intranet Access (VIA) client for Microsoft Windows version 4.5.0 and below. The addressed vulnerabilities could allow the attacker to gain elevated privileges and execute arbitrary code with NT AUTHORITYSYSTEM privileges on the operating system, or perform a denial of service

Google has released an updated Chrome version (116.0.5845.96/.97) for Windows, and (116.0.5845.96) for Linux, and Mac to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, and gain access to the affected system by persuading the victim to visit a specially crafted website. Sample of the